diff options
-rw-r--r-- | source4/librpc/idl/netlogon.idl | 52 | ||||
-rw-r--r-- | source4/torture/rpc/netlogon.c | 148 |
2 files changed, 173 insertions, 27 deletions
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl index 6281821d88..548209e0f4 100644 --- a/source4/librpc/idl/netlogon.idl +++ b/source4/librpc/idl/netlogon.idl @@ -266,7 +266,7 @@ interface netlogon NTSTATUS netr_ServerAuthenticate( [in] unistr *server_name, [in] unistr username, - [in] uint16 secure_challenge_type, + [in] uint16 secure_channel_type, [in] unistr computer_name, [in,out] netr_Credential credentials ); @@ -278,7 +278,7 @@ interface netlogon NTSTATUS netr_ServerPasswordSet( [in] unistr *server_name, [in] unistr username, - [in] uint16 secure_challenge_type, + [in] uint16 secure_channel_type, [in] unistr computer_name, [in] netr_Authenticator credential, [in] netr_Password new_password, @@ -695,6 +695,12 @@ interface netlogon [case(3)] netr_NETLOGON_INFO_3 *info3; } netr_CONTROL_QUERY_INFORMATION; + /* function_code values */ + const int NETLOGON_CONTROL_REDISCOVER = 5; + const int NETLOGON_CONTROL_TC_QUERY = 6; + const int NETLOGON_CONTROL_TRANSPORT_NOTIFY = 7; + const int NETLOGON_CONTROL_SET_DBFLAG = 65534; + WERROR netr_LogonControl( [in] unistr *logon_server, [in] uint32 function_code, @@ -712,25 +718,23 @@ interface netlogon [out] unistr *dcname ); -#if 0 - - typedef [switch_type(long)] union { - [case(5)] unistr *unknown; - [case(6)] unistr *unknown; - [case(0xfffe)] uint32 unknown; - [case(7)] unistry*unknown; - } CONTROL_DATA_INFORMATION; - /*****************/ /* Function 0x0E */ - NTSTATUS netr_LogonControl2( - [in][string] wchar_t *logon_server, - [in] uint32 function_code, - [in] uint32 level, - [in][ref] CONTROL_DATA_INFORMATION *data, - [out][ref] CONTROL_QUERY_INFORMATION *query + typedef union { + [case(NETLOGON_CONTROL_REDISCOVER)] unistr *domain; + [case(NETLOGON_CONTROL_TC_QUERY)] unistr *domain; + [case(NETLOGON_CONTROL_TRANSPORT_NOTIFY)] unistr *domain; + [case(NETLOGON_CONTROL_SET_DBFLAG)] uint32 debug_level; + } netr_CONTROL_DATA_INFORMATION; + + WERROR netr_LogonControl2( + [in] unistr *logon_server, + [in] uint32 function_code, + [in] uint32 level, + [in][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION data, + [out][switch_is(level)] netr_CONTROL_QUERY_INFORMATION query ); @@ -738,15 +742,15 @@ interface netlogon /* Function 0x0F */ NTSTATUS netr_ServerAuthenticate2( - [in][string] wchar_t *logon_server, - [in] unistr username, - [in] uint16 secure_channel_type, - [in] unistr computername, - [in][ref] CREDENTIAL *client_chal, - [out][ref] CREDENTIAL *server_chal, - [in][out][ref] uint32 *negotiate_flags, + [in] unistr *server_name, + [in] unistr username, + [in] uint16 secure_channel_type, + [in] unistr computer_name, + [in,out] netr_Credential credentials, + [in,out,ref] uint32 *negotiate_flags ); +#if 0 /*****************/ /* Function 0x10 */ diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 008d03109e..b5a981c531 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -99,7 +99,7 @@ static BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, a.in.server_name = NULL; a.in.username = talloc_asprintf(mem_ctx, "%s$", lp_netbios_name()); - a.in.secure_challenge_type = SEC_CHAN_BDC; + a.in.secure_channel_type = SEC_CHAN_BDC; a.in.computer_name = lp_netbios_name(); printf("Testing ServerAuthenticate\n"); @@ -118,6 +118,64 @@ static BOOL test_SetupCredentials(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return True; } +static BOOL test_SetupCredentials2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct netr_CredentialState *creds) +{ + NTSTATUS status; + struct netr_ServerReqChallenge r; + struct netr_ServerAuthenticate2 a; + const char *plain_pass; + uint8 mach_pwd[16]; + uint32 negotiate_flags = 0; + + printf("Testing ServerReqChallenge\n"); + + r.in.server_name = NULL; + r.in.computer_name = lp_netbios_name(); + generate_random_buffer(r.in.credentials.data, sizeof(r.in.credentials.data), False); + + status = dcerpc_netr_ServerReqChallenge(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("ServerReqChallenge - %s\n", nt_errstr(status)); + return False; + } + + plain_pass = secrets_fetch_machine_password(); + if (!plain_pass) { + printf("Unable to fetch machine password!\n"); + return False; + } + + E_md4hash(plain_pass, mach_pwd); + + creds_client_init(creds, &r.in.credentials, &r.out.credentials, mach_pwd, + &a.in.credentials); + + a.in.server_name = NULL; + a.in.username = talloc_asprintf(mem_ctx, "%s$", lp_netbios_name()); + a.in.secure_channel_type = SEC_CHAN_BDC; + a.in.computer_name = lp_netbios_name(); + a.in.negotiate_flags = &negotiate_flags; + a.out.negotiate_flags = &negotiate_flags; + + printf("Testing ServerAuthenticate2\n"); + + status = dcerpc_netr_ServerAuthenticate2(p, mem_ctx, &a); + if (!NT_STATUS_IS_OK(status)) { + printf("ServerAuthenticate2 - %s\n", nt_errstr(status)); + return False; + } + + if (!creds_client_check(creds, &a.out.credentials)) { + printf("Credential chaining failed\n"); + return False; + } + + printf("negotiate_flags=0x%08x\n", negotiate_flags); + + return True; +} + /* try a netlogon SamLogon */ @@ -131,7 +189,7 @@ static BOOL test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) const char *password = lp_parm_string(-1, "torture", "password"); struct netr_CredentialState creds; - if (!test_SetupCredentials(p, mem_ctx, &creds)) { + if (!test_SetupCredentials2(p, mem_ctx, &creds)) { return False; } @@ -194,7 +252,7 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); r.in.username = talloc_asprintf(mem_ctx, "%s$", lp_netbios_name()); - r.in.secure_challenge_type = SEC_CHAN_BDC; + r.in.secure_channel_type = SEC_CHAN_BDC; r.in.computer_name = lp_netbios_name(); password = generate_random_str(8); @@ -508,6 +566,86 @@ static BOOL test_GetAnyDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) } +/* + try a netlogon LogonControl2 +*/ +static BOOL test_LogonControl2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) +{ + NTSTATUS status; + struct netr_LogonControl2 r; + BOOL ret = True; + int i; + + r.in.logon_server = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p)); + + r.in.function_code = NETLOGON_CONTROL_REDISCOVER; + r.in.data.domain = lp_workgroup(); + + for (i=1;i<4;i++) { + r.in.level = i; + + printf("Testing LogonControl2 level %d function %d\n", + i, r.in.function_code); + + status = dcerpc_netr_LogonControl2(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("LogonControl - %s\n", nt_errstr(status)); + ret = False; + } + } + + r.in.function_code = NETLOGON_CONTROL_TC_QUERY; + r.in.data.domain = lp_workgroup(); + + for (i=1;i<4;i++) { + r.in.level = i; + + printf("Testing LogonControl2 level %d function %d\n", + i, r.in.function_code); + + status = dcerpc_netr_LogonControl2(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("LogonControl - %s\n", nt_errstr(status)); + ret = False; + } + } + + r.in.function_code = NETLOGON_CONTROL_TRANSPORT_NOTIFY; + r.in.data.domain = lp_workgroup(); + + for (i=1;i<4;i++) { + r.in.level = i; + + printf("Testing LogonControl2 level %d function %d\n", + i, r.in.function_code); + + status = dcerpc_netr_LogonControl2(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("LogonControl - %s\n", nt_errstr(status)); + ret = False; + } + } + + r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG; + r.in.data.debug_level = ~0; + + for (i=1;i<4;i++) { + r.in.level = i; + + printf("Testing LogonControl2 level %d function %d\n", + i, r.in.function_code); + + status = dcerpc_netr_LogonControl2(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("LogonControl - %s\n", nt_errstr(status)); + ret = False; + } + } + + return ret; +} + + BOOL torture_rpc_netlogon(int dummy) { NTSTATUS status; @@ -571,6 +709,10 @@ BOOL torture_rpc_netlogon(int dummy) ret = False; } + if (!test_LogonControl2(p, mem_ctx)) { + ret = False; + } + torture_rpc_close(p); return ret; |